Module org.elasticsearch.xcore
Class DefaultAuthenticationFailureHandler
java.lang.Object
org.elasticsearch.xpack.core.security.authc.DefaultAuthenticationFailureHandler
- All Implemented Interfaces:
AuthenticationFailureHandler
public class DefaultAuthenticationFailureHandler
extends Object
implements AuthenticationFailureHandler
The default implementation of an AuthenticationFailureHandler. This handler will return an exception with a RestStatus of 401 and default failure response headers like 'WWW-Authenticate'.
Constructor Summary
- DefaultAuthenticationFailureHandler(Map<String, List<String>> failureResponseHeaders)
  Constructs a default authentication failure handler with the provided default response headers.

Method Summary
- authenticationRequired(String action, ThreadContext context)
  This method is called when anonymous access is enabled, a request does not pass authorization with the anonymous user, AND the anonymous service is configured to throw an authentication exception instead of an authorization exception.
- exceptionProcessingRequest(HttpPreRequest request, Exception e, ThreadContext context)
  The method is called when an exception has occurred while processing the REST request.
- exceptionProcessingRequest(TransportRequest message, String action, Exception e, ThreadContext context)
  The method is called when an exception has occurred while processing the transport message.
- failedAuthentication(HttpPreRequest request, AuthenticationToken token, ThreadContext context)
  This method is called when there has been an authentication failure for the given REST request and authentication token.
- failedAuthentication(TransportRequest message, AuthenticationToken token, String action, ThreadContext context)
  This method is called when there has been an authentication failure for the given message and token.
- missingToken(HttpPreRequest request, ThreadContext context)
  This method is called when a REST request is received and no authentication token could be extracted AND anonymous access is disabled.
- missingToken(TransportRequest message, String action, ThreadContext context)
  This method is called when a transport message is received and no authentication token could be extracted AND anonymous access is disabled.
- void setHeaders(Map<String, List<String>> failureResponseHeaders)
  This method is called when failureResponseHeaders need to be set (at startup) or updated (if license state changes).

Constructor Details
DefaultAuthenticationFailureHandler
Constructs a default authentication failure handler with the provided default response headers.
- Parameters:
  failureResponseHeaders - Map of header key and list of header values to be sent as failure response.
- See Also:

Method Details
setHeaders
This method is called when failureResponseHeaders need to be set (at startup) or updated (if license state changes).
- Parameters:
  failureResponseHeaders - the Map of failure response headers to be set

failedAuthentication
public ElasticsearchSecurityException failedAuthentication(HttpPreRequest request, AuthenticationToken token, ThreadContext context)
Description copied from interface: AuthenticationFailureHandler
This method is called when there has been an authentication failure for the given REST request and authentication token.
- Specified by:
  failedAuthentication in interface AuthenticationFailureHandler
- Parameters:
  request - The request that was being authenticated when the exception occurred
  token - The token that was extracted from the request
  context - The context of the request that could not be authenticated
- Returns:
  ElasticsearchSecurityException with the appropriate headers and message

failedAuthentication
public ElasticsearchSecurityException failedAuthentication(TransportRequest message, AuthenticationToken token, String action, ThreadContext context)
Description copied from interface: AuthenticationFailureHandler
This method is called when there has been an authentication failure for the given message and token.
- Specified by:
  failedAuthentication in interface AuthenticationFailureHandler
- Parameters:
  message - The transport message that could not be authenticated
  token - The token that was extracted from the message
  action - The name of the action that the message is trying to perform
  context - The context of the request that could not be authenticated
- Returns:
  ElasticsearchSecurityException with the appropriate headers and message

exceptionProcessingRequest
public ElasticsearchSecurityException exceptionProcessingRequest(HttpPreRequest request, Exception e, ThreadContext context)
Description copied from interface: AuthenticationFailureHandler
The method is called when an exception has occurred while processing the REST request. This could be an error that occurred while attempting to extract a token or while attempting to authenticate the request.
- Specified by:
  exceptionProcessingRequest in interface AuthenticationFailureHandler
- Parameters:
  request - The request that was being authenticated when the exception occurred
  e - The exception that was thrown
  context - The context of the request that could not be authenticated
- Returns:
  ElasticsearchSecurityException with the appropriate headers and message

exceptionProcessingRequest
public ElasticsearchSecurityException exceptionProcessingRequest(TransportRequest message, String action, Exception e, ThreadContext context)
Description copied from interface: AuthenticationFailureHandler
The method is called when an exception has occurred while processing the transport message. This could be an error that occurred while attempting to extract a token or while attempting to authenticate the request.
- Specified by:
  exceptionProcessingRequest in interface AuthenticationFailureHandler
- Parameters:
  message - The message that was being authenticated when the exception occurred
  action - The name of the action that the message is trying to perform
  e - The exception that was thrown
  context - The context of the request that could not be authenticated
- Returns:
  ElasticsearchSecurityException with the appropriate headers and message

missingToken
Description copied from interface: AuthenticationFailureHandler
This method is called when a REST request is received and no authentication token could be extracted AND anonymous access is disabled. If anonymous access is enabled, this method will not be called.
- Specified by:
  missingToken in interface AuthenticationFailureHandler
- Parameters:
  request - The request that did not have a token
  context - The context of the request that could not be authenticated
- Returns:
  ElasticsearchSecurityException with the appropriate headers and message

missingToken
public ElasticsearchSecurityException missingToken(TransportRequest message, String action, ThreadContext context)
Description copied from interface: AuthenticationFailureHandler
This method is called when a transport message is received and no authentication token could be extracted AND anonymous access is disabled. If anonymous access is enabled, this method will not be called.
- Specified by:
  missingToken in interface AuthenticationFailureHandler
- Parameters:
  message - The message that did not have a token
  action - The name of the action that the message is trying to perform
  context - The context of the request that could not be authenticated
- Returns:
  ElasticsearchSecurityException with the appropriate headers and message

authenticationRequired
Description copied from interface: AuthenticationFailureHandler
This method is called when anonymous access is enabled, a request does not pass authorization with the anonymous user, AND the anonymous service is configured to throw an authentication exception instead of an authorization exception.
- Specified by:
  authenticationRequired in interface AuthenticationFailureHandler
- Parameters:
  action - the action that failed authorization for anonymous access
  context - The context of the request that could not be authenticated
- Returns:
  ElasticsearchSecurityException with the appropriate headers and message